
Social Engineering

What is it?

Social engineering is a method of manipulation used to get someone to perform an action that can compromise security, or to obtain confidential information from them, by phone, by email, or in person.

Examples of Social Engineering

Phishing 

Phishing is probably the most common form of social engineering we see at the College.  The emails will typically contain a statement that something is going to happen to your account if you don't act now, which usually involves clicking on a link to a page where you are requested to provide your username and password and sometimes more.  

Another variant of phishing is Spear Phishing, which targets a specific individual or position that is likely to yield confidential information or higher-level credentials.

Pretexting 

Pretexting is when one party lies to another to gain access to privileged data, for example by asking for personal or financial data on the pretense of confirming the recipient's identity.

Baiting 

Baiting is when the attacker leaves a malware-infected physical device, such as a USB drive, in a place where it is sure to be found.  Once the device is plugged in, the malware installs.

Tailgating 

Tailgating is when an unauthorized individual follows an authorized individual into a secure area.  This is usually for the unauthorized party to steal property or information.

How do I protect myself?

Be suspicious!  

If you receive a call requesting sensitive information, follow procedures.  Don't be pressured into providing information.  

Don't provide confidential information about yourself.  If the request seems legitimate, verify who the person or organization is and call them back on a publicly available number.  For example, if you receive a call saying that your banking card has been compromised, call the number on the back of the card.

Don't provide your password to others.

Dispose of sensitive data properly.  Shred receipts and other documents containing personal information.

Be cautious about posting personal information online.  Information found on Facebook or other sources can be used to make it seem like the attacker is someone you know or can be used to contact others to get more information about you.

Where can I report it?

You can contact the IT Service Desk at 435-283-7088 or helpdesk@snow.edu, or the Information Security Office at 435-283-7290 or infosecurity@snow.edu.